[security-announce] openSUSE not affected by OpenSSL CVE-2015-1793
Dear openSUSE users,
The OpenSSL Project recently pre-announced [1], and how has released [2]
an advisory for a security issue with a severity rated "high". This was
picked up in various news articles [3] [4]. A detail which was not known
to the general public at the time when these were written was that the
issue affects 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o specifically. The fixed
releases are 1.0.1p and 1.0.2d, and CVE-2015-1793 was assigned to the issue.
The OpenSSL versions shipped in openSUSE 13.1 and 13.2 are not affected.
The openSUSE Tumbleweed distribution never received a vulnerable version
and was never affected. The next submission into Factory will skip any
vulnerable versions.
We have updated the Bugzilla entry [5] and CVE page [6] to that effect.
[1] https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html
[2] https://www.openssl.org/news/secadv_20150709.txt
[3]
http://www.heise.de/security/meldung/Kritischer-OpenSSL-Patch-voraus-2739804...
[4]
http://www.securityweek.com/openssl-preparing-updates-patch-high-severity-vu...
[5] https://bugzilla.opensuse.org/show_bug.cgi?id=CVE-2015-1793
[6] https://www.suse.com/security/cve/CVE-2015-1793.html
On behalf of the SUSE Security team,
Andreas Stieger
--
Andreas Stieger
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-07-09 16:07, Andreas Stieger wrote:
The OpenSSL versions shipped in openSUSE 13.1 and 13.2 are not affected.
What about 11.4? Does evergreen 11.4 need an update? - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlWeolkACgkQja8UbcUWM1xUWAD/bSXB6GvJTDvXyfN7Fyr09pnd 6CdwsJDtdWGDjkcIwmAA/RQare1/67XxxRinNZXq242Lw+IRZTAzoqm4EtCTVy8Y =YA3/ -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
participants (2)
-
Andreas Stieger
-
Carlos E. R.